Configure threat feeds
Active threat response consists of MDR threat feeds, Sophos X-Ops threat feeds, and third-party threat feeds.
Threat feeds
- MDR threat feeds: Sophos MDR analysts share intelligence about active threats in your network with the firewall.
- Sophos X-Ops threat feeds: Threat database managed by SophosLabs.
- Third-party threat feeds: Integrate third-party threat intelligence with the firewall.
Note
You can import and export threat exclusions, but you can't import or export threat feed configurations.
How the firewall implements threat feeds
The firewall first implements MDR threat feeds, followed by Sophos X-Ops and third-party threat feeds.
If an Indicator of Compromise (IoC) exists in all the threat feeds, the firewall acts as follows based on the value you set for Action:
- Log and drop: Drops the traffic, logs the event under MDR, and doesn't check the other threat feeds.
- Log only or Monitor: Logs separate events for MDR, Sophos X-Ops, and third-party threat feeds.